Despite hyperbole to the contrary, the SAFE Act that passed the House …

Share this story

ISPs could face tougher penalties for failing to report child pornography under a bill passed yesterday by the House, but don't start searching the skies for the black helicopters yet: the bill doesn't require any active surveillance of user behavior, and it won't affect your local coffee shop's WiFi, despite what you may have read.

ISPs already have a duty to notify authorities if they stumble across anything that appears to be child pornography or molestation evidence. The new bill ups the penalties for not reporting this information; ISPs now face up to $150,000 for a first violation and up to $300,000 for subsequent violations. The bill also requires ISPs to retain copies of all information filed in these reports, and to do so for 180 days in case they are needed for use as evidence in court.

Now, what does the bill not do? It explicitly tells ISPs that they do not need to "monitor any user, subscriber, or customer," they do not need to "monitor the content of any indication," or even "affirmatively seek facts or circumstances." In other words, if you see it, you are legally obligated to report it, but ISPs do not need to become child porn detectives.

The National Center for Missing and Exploited Children praised the bill, calling it a step toward "better reporting, investigation, and prosecution of those who use the Internet to distribute images of illegal child pornography."

The bill was relatively noncontroversial, as evidenced by its huge bipartisan support. That's not evidence it's a good law, but it suggests at least that the legislation is not a harbinger of the coming Apocalypse. Yet some news reports already question the motives of the House leaders who held the vote and claim that the bill would "slap new restrictions on hundreds of thousands of Americans and small businesses who offer public wireless connections." The bill will allegedly cover "individuals, coffee shops, libraries, hotels, and even some government agencies that provide Wi-Fi."

Wow, that's bad. But is that really what's happening here?

WiFi isn't mentioned in the bill. Neither are coffee shops, libraries, or individuals running access points in their basements. The bill's provisions apply to anyone "engaged in providing an electronic communication service or a remote computing service to the public through a facility or means of interstate or foreign commerce." Parse that as you will.

I contacted the office of Rep. Nick Lampson (D-TX), who introduced the bill, to see whether he understood it to cover hundreds of thousands of Americans and small businesses who offer WiFi. A spokesperson told me that, in his view, that broad interpretation was incorrect, but he had to check in with policy staffers before confirming it. We did not hear back by press time.

Whatever the bill applies to, though, the law is quite clear that those who offer Internet access don't have to do any additional monitoring. There are no "restrictions" on their services. The bill updates an already-existing notifcation requirement and stiffens the penalties, but only for those presented with clear evidence of child porn who make a "knowing and willful failure" to report it.